Abstract: In Cyber Physical System (CPS), if there are a large number of persons in the process, a role of person in CPS might be different comparing with the one-man system. It is also necessary to consider how Human-in-The-Loop Cyber Physical Systems (HiTLCPS) ensure safety of each person in the loop process. In this paper, the authors discuss a system safety framework with an illustrative example with STAMP model to clarify what point for safety should be considered and what role of person in the should have.
Abstract: Internal auditing is one of the most important activities for organizations that implement information security management systems (ISMS). The purpose of internal audits is to ensure the ISMS implementation is in accordance to the ISO/IEC 27001 standard and the organization’s own requirements for its ISMS. Competent internal auditors are the main element that contributes to the effectiveness of internal auditing activities. To realize this need, CyberSecurity Malaysia is now in the process of becoming a certification body that certifies ISMS internal auditors. The certification scheme will assess the competence of internal auditors in generic knowledge and skills in management systems, and also in ISMS-specific knowledge and skills. The certification assessment is based on the ISO/IEC 19011 Guidelines for auditing management systems, ISO/IEC 27007 Guidelines for information security management systems auditing and ISO/IEC 27001 Information security management systems requirements. The certification scheme complies with the ISO/IEC 17024 General requirements for bodies operating certification systems of persons. Candidates who pass the exam will be certified as an ISMS Internal Auditor, whose competency will be evaluated every three years.
Abstract: With the technological development and rise of virtual worlds, these spaces are becoming more and more attractive for cybercriminals, hidden behind avatars and fictitious identities. Since access to these spaces is not restricted or controlled, some impostors take advantage of gaining unauthorized access and practicing cyber criminality. This paper proposes an identity management approach for securing access to virtual worlds. The major purpose of the suggested solution is to install a strong security mechanism to protect virtual identities represented by avatars. Thus, only legitimate users, through their corresponding avatars, are allowed to access the platform resources. Access is controlled by integrating an authentication process based on biometrics. In the request process for registration, a user fingerprint is enrolled and then encrypted into a watermark utilizing a cancelable and non-invertible algorithm for its protection. After a user personalizes their representative character, the biometric mark is embedded into the avatar through a watermarking procedure. The authenticity of the avatar identity is verified when it requests authorization for access. We have evaluated the proposed approach on a dataset of avatars from various virtual worlds, and we have registered promising performance results in terms of authentication accuracy, acceptation and rejection rates.
Abstract: Although there are several advantages of information and communication technologies, they cause some problems like cyber bullying and cyber victimization. Cyber bullying and cyber victimization have lots of negative effects on people. There are lots of different strategies to prevent cyber bullying and victimization. This study was conducted to provide information about the strategies that are used to prevent cyber bullying and cyber victimization. 120 (60 women, 60 men) university students whose ages are between 18 and 35 participated this study. According to findings of this study, men are more prone to cyber bullying than women. Moreover, men are also more prone to cyber victimization than women.
Abstract: With the increasing complexity of cyberspace security, the cyber-attack attribution has become an important challenge of the security protection systems. The difficult points of cyber-attack attribution were forced on the problems of huge data handling and key data missing. According to this situation, this paper presented a reasoning method of cyber-attack attribution based on threat intelligence. The method utilizes the intrusion kill chain model and Bayesian network to build attack chain and evidence chain of cyber-attack on threat intelligence platform through data calculation, analysis and reasoning. Then, we used a number of cyber-attack events which we have observed and analyzed to test the reasoning method and demo system, the result of testing indicates that the reasoning method can provide certain help in cyber-attack attribution.
Abstract: One of the leading problems in Cyber Security today
is the emergence of targeted attacks conducted by adversaries with
access to sophisticated tools. These attacks usually steal senior level
employee system privileges, in order to gain unauthorized access to
confidential knowledge and valuable intellectual property. Malware
used for initial compromise of the systems are sophisticated and
may target zero-day vulnerabilities. In this work we utilize common
behaviour of malware called ”beacon”, which implies that infected
hosts communicate to Command and Control servers at regular
intervals that have relatively small time variations. By analysing
such beacon activity through passive network monitoring, it is
possible to detect potential malware infections. So, we focus on
time gaps as indicators of possible C2 activity in targeted enterprise
networks. We represent DNS log files as a graph, whose vertices
are destination domains and edges are timestamps. Then by using
four periodicity detection algorithms for each pair of internal-external
communications, we check timestamp sequences to identify the
beacon activities. Finally, based on the graph structure, we infer the
existence of other infected hosts and malicious domains enrolled in
the attack activities.
Abstract: Cybersecurity is one of the greatest challenges society faces in an age revolving around technological development. With cyber-attacks on the continuous rise, the nation needs to understand and learn ways that can prevent such attacks. A major contribution that can change the education system is to implement laboratories and competitions into academia. This method can improve and educate students with more hands-on exercises in a highly motivating setting. Considering the fact that students are the next generation of the nation’s workforce, it is important for students to understand concepts not only through books, but also through actual hands-on experiences in order for them to be prepared for the workforce. An effective cybersecurity education system is critical for creating a strong cyber secure workforce today and for the future. This paper emphasizes the need for awareness and the need for competitions and cybersecurity laboratories to be implemented into the education system.
Abstract: MSN used to be the most popular application for
communicating among social networks, but Facebook chat is now the
most popular. Facebook and MSN have similar characteristics,
including usefulness, ease-of-use, and a similar function, which is the
exchanging of information with friends. Facebook outperforms MSN
in both of these areas. However, the adoption of Facebook and
abandonment of MSN have occurred for other reasons. Functions can
be improved, but users’ willingness to use does not just depend on
functionality. Flow status has been established to be crucial to users’
adoption of cyber applications and to affects users’ adoption of
software applications. If users experience flow in using software
application, they will enjoy using it frequently, and even change their
preferred application from an old to this new one. However, no
investigation has examined choice behavior related to switching from
Facebook to MSN based on a consideration of flow experiences and
functions. This investigation discusses the flow experiences and
functions of social-networking applications. Flow experience is found
to affect perceived ease of use and perceived usefulness; perceived
ease of use influences information ex-change with friends, and
perceived usefulness; information exchange influences perceived
usefulness, but information exchange has no effect on flow
experience.
Abstract: Strategic investment decisions are characterized by
high innovation potential and long-term effects on the
competitiveness of enterprises. Due to the uncertainty and risks
involved in this complex decision making process, the need arises for
well-structured support activities. A method that considers cost and
the long-term added value is the cost-benefit effectiveness estimation.
One of those methods is the “profitability estimation focused on
benefits – PEFB”-method developed at the Institute of Management
Cybernetics at RWTH Aachen University. The method copes with
the challenges associated with strategic investment decisions by
integrating long-term non-monetary aspects whilst also mapping the
chronological sequence of an investment within the organization’s
target system. Thus, this method is characterized as a holistic
approach for the evaluation of costs and benefits of an investment.
This participation-oriented method was applied to business
environments in many workshops. The results of the workshops are a
library of more than 96 cost aspects, as well as 122 benefit aspects.
These aspects are preprocessed and comparatively analyzed with
regards to their alignment to a series of risk levels. For the first time,
an accumulation and a distribution of cost and benefit aspects
regarding their impact and probability of occurrence are given. The
results give evidence that the PEFB-method combines precise
measures of financial accounting with the incorporation of benefits.
Finally, the results constitute the basics for using information
technology and data science for decision support when applying
within the PEFB-method.
Abstract: Privacy is sacred and would normally be expected and preserved by an individual. Online privacy is no longer about the right to be left alone, but also includes the right not to be monitored. However, with the revelations made by United States National Security Agency former employee Edward Snowden that the government is spying on internet communications, individuals’ privacy can no longer be expected. Therefore, this paper is intended to evaluate law related to privacy protection in the digital domain, who should govern it and whether invasion to a person’s privacy is a necessary justification to preserve national security.
Abstract: The energy need is growing rapidly due to the
population growth and the large new usage of power. Several works
put considerable efforts to make the electricity grid more intelligent
to reduce essentially energy consumption and provide efficiency and
reliability of power systems. The Smart Grid is a complex
architecture that covers critical devices and systems vulnerable to
significant attacks. Hence, security is a crucial factor for the success
and the wide deployment of Smart Grids. In this paper, we present
security issues of the Smart Grid architecture and we highlight open
issues that will make the Smart Grid security a challenging research
area in the future.
Abstract: Cyber exercises used to assess the preparedness of a
community against cyber crises, technology failures and Critical
Information Infrastructure (CII) incidents. The cyber exercises also
called cyber crisis exercise or cyber drill, involved partnerships or
collaboration of public and private agencies from several sectors.
This study investigates Organisation Cyber Resilience (OCR) of
participation sectors in cyber exercise called X Maya in Malaysia.
This study used a principal based cyber resilience survey called CSuite
Executive checklist developed by World Economic Forum in
2012. To ensure suitability of the survey to investigate the OCR, the
reliability test was conducted on C-Suite Executive checklist items.
The research further investigates the differences of OCR in ten
Critical National Infrastructure Information (CNII) sectors
participated in the cyber exercise. The One Way ANOVA test result
showed a statistically significant difference of OCR among ten CNII
sectors participated in the cyber exercise.
Abstract: Cyberspace has become a more viable arena for
budding artists to share musical acts through digital forms. The
increasing relevance of online communities has attracted scholars
from various fields demonstrating its influence on social capital. This
paper extends this understanding of social capital among Filipino
music artists belonging to the SoundCloud Philippines Facebook
Group.
The study makes use of various qualitative data obtained from
key-informant interviews and participant observation of online and
physical encounters, analyzed using the case study approach.
Soundcloud Philippines has over seven-hundred members and is
composed of Filipino singers, instrumentalists, composers, arrangers,
producers, multimedia artists and event managers. Group interactions
are a mix of online encounters based on Facebook and SoundCloud
and physical encounters through meet-ups and events. Benefits
reaped from the community are informational, technical,
instrumental, promotional, motivational and social support. Under the
guidance of online group administrators, collaborative activities such
as music productions, concerts and events transpire. Most conflicts
and problems arising are resolved peacefully. Social capital in
SoundCloud Philippines is mobilized through recognition, respect
and reciprocity.
Abstract: Rapidly changing factors that affect daily life also affect operational environment and the way military leaders fulfill their missions. With the help of technological developments, traditional linearity of conflict and war has started to fade away. Furthermore, mission domain has broadened to include traditional threats, hybrid threats and new challenges of cyber and space. Considering the future operational environment, future military leaders need to adapt themselves to the new challenges of the future battlefield. But how to decide what kind of features of leadership are required to operate and accomplish mission in the new complex battlefield? In this article, the main aim is to provide answers to this question. To be able to find right answers, first leadership and leadership components are defined, and then characteristics of future operational environment are analyzed. Finally, leadership features that are required to be successful in redefined battlefield are explained.
Abstract: Security can be defined as the degree of resistance to, or protection from harm. It applies to any vulnerable and valuable assets, such as persons, dwellings, communities, nations or organizations. Cybercrime is any crime committed or facilitated via the Internet. It is any criminal activity involving computers and networks. It can range from fraud to unsolicited emails (spam). It includes the distant theft of government or corporate secrets through criminal trespass into remote systems around the globe. Nigeria like any other nations of the world is currently having her own share of the menace that has been used even as tools by terrorists. This paper is an attempt at presenting cyber security as an issue that requires a coordinated national response. It also acknowledges and advocates the key roles to be played by stakeholders and the importance of forging strong partnerships to prevent and tackle cybercrime in Nigeria.
Abstract: This paper examines the system protection for cyber-physical
systems (CPS). CPS are particularly characterized by their
networking system components. This means they are able to adapt to
the needs of their users and its environment. With this ability, CPS
have new, specific requirements on the protection against anti-counterfeiting,
know-how loss and manipulation. They increase the
requirements on system protection because piracy attacks can be
more diverse, for example because of an increasing number of
interfaces or through the networking abilities. The new requirements
were identified and in a next step matched with existing protective
measures. Due to the found gap the development of new protection
measures has to be forced to close this gap. Moreover a comparison
of the effectiveness between selected measures was realized and the
first results are presented in this paper.
Abstract: Applications of the Hausdorff space and its mappings
into tangent spaces are outlined, including their fractal dimensions
and self-similarities. The paper details this theory set up and further
describes virtualizations and atomization of manufacturing processes.
It demonstrates novel concurrency principles that will guide
manufacturing processes and resources configurations. Moreover,
varying levels of details may be produced by up folding and breaking
down of newly introduced generic models. This choice of layered
generic models for units and systems aspects along specific aspects
allows research work in parallel to other disciplines with the same
focus on all levels of detail. More credit and easier access are granted
to outside disciplines for enriching manufacturing grounds. Specific
mappings and the layers give hints for chances for interdisciplinary
outcomes and may highlight more details for interoperability
standards, as already worked on the international level. The new rules
are described, which require additional properties concerning all
involved entities for defining distributed decision cycles, again on the
base of self-similarity. All properties are further detailed and assigned
to a maturity scale, eventually displaying the smartness maturity of a
total shopfloor or a factory. The paper contributes to the intensive
ongoing discussion in the field of intelligent distributed
manufacturing and promotes solid concepts for implementations of
Cyber Physical Systems and the Internet of Things into
manufacturing industry, like industry 4.0, as discussed in German-speaking
countries.
Abstract: It is important to take security measures to protect
your computer information, reduce identify theft, and prevent from
malicious cyber-attacks. With cyber-attacks on the continuous rise,
people need to understand and learn ways to prevent from these
attacks. Cyber-attack is an important factor to be considered if one is
to be able to protect oneself from malicious attacks. Without proper
security measures, most computer technology would hinder home
users more than such technologies would help. Knowledge of how
cyber-attacks operate and protective steps that can be taken to reduce
chances of its occurrence are key to increasing these security
measures. The purpose of this paper is to inform home users on the
importance of identifying and taking preventive steps to avoid cyberattacks.
Throughout this paper, many aspects of cyber-attacks will be
discuss: what a cyber-attack is, the affects of cyber-attack for home
users, different types of cyber-attacks, methodology to prevent such
attacks; home users can take to fortify security of their computer.
Abstract: A Distributed Denial of Service (DDoS) attack is a
major threat to cyber security. It originates from the network layer or
the application layer of compromised/attacker systems which are
connected to the network. The impact of this attack ranges from the
simple inconvenience to use a particular service to causing major
failures at the targeted server. When there is heavy traffic flow to a
target server, it is necessary to classify the legitimate access and
attacks. In this paper, a novel method is proposed to detect DDoS
attacks from the traces of traffic flow. An access matrix is created
from the traces. As the access matrix is multi dimensional, Principle
Component Analysis (PCA) is used to reduce the attributes used for
detection. Two classifiers Naive Bayes and K-Nearest neighborhood
are used to classify the traffic as normal or abnormal. The
performance of the classifier with PCA selected attributes and actual
attributes of access matrix is compared by the detection rate and
False Positive Rate (FPR).
Abstract: Botnets are one of the most serious and widespread
cyber threats. Today botnets have been facilitating many
cybercrimes, especially financial, top secret thefts. Botnets can be
available for lease in the market and are utilized by the
cybercriminals to launch massive attacks like DDoS, click fraud,
phishing attacks etc., Several large institutions, hospitals, banks,
government organizations and many social networks such as twitter,
facebook etc., became the target of the botmasters. Recently,
noteworthy researches have been carried out to detect bot, C&C
channels, botnet and botmasters. Using many sophisticated
technologies, botmasters made botnet a titan of the cyber world.
Innumerable challenges have been put forth by the botmasters to the
researchers in the detection of botnet. In this paper we present a
survey of different types of botnet C&C channels and also provide a
comparison of various botnet categories. Finally we hope that our
survey will create awareness for forthcoming botnet research
endeavors.